Extending Python
Terry Reedy
tjreedy at udel.edu
Thu Jun 9 12:14:00 EDT 2005
"Johannes" <johannes.stromberg at strusoft.com> wrote in message
news:42a80841 at news.wineasy.se...
>I am thinking of replacing Lua as internal script controller and I know
>how to extend/embed python but is
> there a way of limiting what functionality can be actually be accessible
> to the user, f.e. I don't want the script to be able
> to read/write files?
There have been various threads on script security (see Google).
Summary: you can do various things to enhance security, such as replacing
builtins (like file() and open()), but, especially with new-style classes
and associated features, there is no known way to absolutely control
access. Besides which, 'while True: pass', in all its guises, is also hard
to stop.
Terry J. Reedy
More information about the Python-list
mailing list